openSUSE-SU-2026:20137-1

Опубликовано: 29 янв. 2026

Источник: suse-cvrf

Описание

Security update for openvpn

This update for openvpn fixes the following issues:

CVE-2025-13086: Fixed improper validation of source IP addresses in OpenVPN that could lead to DoS (bsc#1254486).

Список пакетов

openSUSE Leap 16.0

openvpn-2.6.10-160000.3.1

openvpn-auth-pam-plugin-2.6.10-160000.3.1

openvpn-devel-2.6.10-160000.3.1

openvpn-down-root-plugin-2.6.10-160000.3.1

Ссылки

https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1254486
SUSE Bug 1254486
https://www.suse.com/security/cve/CVE-2025-13086/
SUSE CVE CVE-2025-13086 page

Описание

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client

Затронутые продукты

openSUSE Leap 16.0:openvpn-2.6.10-160000.3.1

openSUSE Leap 16.0:openvpn-auth-pam-plugin-2.6.10-160000.3.1

openSUSE Leap 16.0:openvpn-devel-2.6.10-160000.3.1

openSUSE Leap 16.0:openvpn-down-root-plugin-2.6.10-160000.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-13086.html
CVE-2025-13086
https://bugzilla.suse.com/1254486
SUSE Bug 1254486

openSUSE-SU-2026:20137-1

Описание

Список пакетов

openSUSE Leap 16.0

Ссылки

Уязвимость: CVE-2025-13086

Описание

Затронутые продукты

Ссылки